FAQ

General

How does it work?

We look at all the public repositories of a given organization on Github.com. For each project, we look for a dependency file (today: package.json, composer.json, packages.config, *.csproj, Gopkg.lock and Gemfile.lock). For each dependency, we look for the open collective that is maintaining it and we surface them.

How can I list my project?

If you are already on Open Collective, make sure that you have added goals so that people know what do you need money for.
If for whatever reason your open source project doesn't show up yet, please contact us.

Who's behind BackYourStack?

Is it limited to projects registered on Open Collective?

Our goal is to surface any open source project looking for financing. However, as of today, we are only supporting open source projects that are hosted on Open Collective.

Is it limited to Javascript projects published on npm?

Our goal is to support any dependency managers in any languages. However, we are only detecting npm (JavaScript), nuget (C#), composer (PHP), dep (Go) and Gem (Ruby) dependencies for now. See how to contribute.

GitHub Permissions

Why do I need to sign in with GitHub?

You don't have to. If you don't sign in with your GitHub account, BackYourStack will only scan publicly available repositories. By authorizing BackYourStack to access your GitHub account, we will be able to also scan private repos. Note: we only look for package.json, composer.json, packages.config, *.csproj, Gopkg.lock and Gemfile.lockfiles and we are not publicly exposing your dependencies.

What if I don't want to connect my Github Account?

It's fine, you don't have to. You can also upload one or multiple package.json, composer.json, packages.config, *.csproj, Gopkg.lock and Gemfile.lock files.

Why does BackYourStack need so many GitHub permissions?

BackYourStack only wants access to your private repositories and look at the content of dependency files such as package.json, composer.json, packages.config, *.csproj, Gopkg.lock and Gemfile.lock. To do that, the only scope we need is the repo scope. The repo scope is unfortunately very wide and includes read and write access to all public and private repository data including: Code, Issues, Pull requests, Wikis, Settings, Webhooks and services, Deploy keys, and Collaboration invites.

TL;DR: we would love to ask for narrower permissions but Github doesn't let us do that. If that's an issue for you, use the upload functionality.